Saturday, April 18, 2015

Managing Users in Active Directory Lightweight Directory Services using ADSIEdit

If you want to manage users for your Active Directory Lightweight Services instance using ADSIEdit, you may refer to these MSDN articles:

Manage an AD LDS Instance Using ADSI Edit

Use ADSI Edit to Manage an AD LDS Instance

These articles will provide you with the necessary information to connect to your ADLDS instance using ADSIEdit, but what if you want to actually add users to ADLDS?

Well, this article addresses that question:

Add an AD LDS User to the Directory

The problem with  the above article, though, is that it does not address how to Set the Password for the newly created user!!

Fortunately, someone else wrote an article describing how to accomplish this (though a bit outdated):

Once you have created your new user in ADLDS, you simply right click on the user and select "Reset Password"!

In addition, even after resetting the password, the user in ADLDS, by default, is still not enabled!  So you still have to go about enabling the user account by updating the msDS-UserAccountDisabled attribute:

Finally, the userPrincipalName attribute is still not set by going through the wizard, so that also has to be set manually:

Fortunately, there is a much easier way to accomplish all of these manual steps in ADSI Edit by using PowerShell:
#ADName John Doe
#GivenName John
#Surname Doe
$ADLDSServer = "MYADLDSServer:5000";
$ADDefaultPwd = "P@ssword!";
$ADLDSPath = "CN=Roles,CN=AppPartition,DC=ADLDS,DC=COM";
New-ADUser -Name $ADName -DisplayName $ADName -Server $ADLDSServer -UserPrincipalName $ADUPN -GivenName $ADGivenName -Surname $ADSurname -AccountPassword (ConvertTo-SecureString $ADDefaultPwd -AsPlainText -Force) -Enabled $true -PasswordNeverExpires $true -Path $ADLDSPath


Using PowerShell to create ADLDS Users is definitely much, much nicer and simpler!!

No comments:

Post a Comment